From 5606a07757ae0ad61cab36ec984e2226d1d65bae Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@firemail.cc>
Date: Sun, 7 Oct 2018 00:06:44 -0500
Subject: [PATCH] work on foward secrecy

---
 onionr/core.py             |  2 ++
 onionr/onionrexceptions.py |  3 +++
 onionr/onionrusers.py      | 19 ++++++++++++-------
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/onionr/core.py b/onionr/core.py
index 691f1739..442ad901 100644
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -76,6 +76,8 @@ class Core:
                 os.mkdir(self.dataDir + 'blocks/')
             if not os.path.exists(self.blockDB):
                 self.createBlockDB()
+            if not os.path.exists(self.forwardKeysFile):
+                self.dbCreate.createForwardKeyDB()
 
             if os.path.exists(self.dataDir + '/hs/hostname'):
                 with open(self.dataDir + '/hs/hostname', 'r') as hs:
diff --git a/onionr/onionrexceptions.py b/onionr/onionrexceptions.py
index 4954550e..f3cefe36 100644
--- a/onionr/onionrexceptions.py
+++ b/onionr/onionrexceptions.py
@@ -37,6 +37,9 @@ class InvalidPubkey(Exception):
 class KeyNotKnown(Exception):
     pass
 
+class DecryptionError(Exception):
+    pass
+
 # block exceptions
 class InvalidMetadata(Exception):
     pass
diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py
index ea664839..5594a66c 100644
--- a/onionr/onionrusers.py
+++ b/onionr/onionrusers.py
@@ -59,15 +59,20 @@ class OnionrUser:
         retData = ''
         forwardKey = self._getLatestForwardKey()
         if self._core._utils.validatePubKey(forwardKey):
-            encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
+            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
         else:
             raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
-        return (data, forwardKey)
+        return (retData, forwardKey)
     
     def forwardDecrypt(self, encrypted):
-        retData = ''
-        for key in self
-        return
+        retData = ""
+        for key in self.getGeneratedForwardKeys():
+            retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1])
+            if retData != False:
+                break
+        else:
+            raise onionrexceptions.DecryptionError("Could not decrypt forward secrecy content")
+        return retData
 
     def _getLatestForwardKey(self):
         # Get the latest forward secrecy key for a peer
@@ -116,11 +121,11 @@ class OnionrUser:
         conn.close()
         return newPub
 
-    def getGeneratedForwardKeys(self, peer):
+    def getGeneratedForwardKeys(self):
         # Fetch the keys we generated for the peer, that are still around
         conn = sqlite3.connect(self._core.peerDB, timeout=10)
         c = conn.cursor()
-        command = (peer,)
+        command = (self.publicKey,)
         keyList = [] # list of tuples containing pub, private for peer
         for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
             keyList.append((result[1], result[2]))